Oval Definition:oval:com.redhat.rhsa:def:20141166
Revision Date:2014-09-08Version:635
Title:RHSA-2014:1166: jakarta-commons-httpclient security update (Important)
Description:Jakarta Commons HTTPClient implements the client side of HTTP standards.

  • It was discovered that the HTTPClient incorrectly extracted host name from an X.509 certificate subject's Common Name (CN) field. A man-in-the-middle attacker could use this flaw to spoof an SSL server using a specially crafted X.509 certificate. (CVE-2014-3577)

    For additional information on this flaw, refer to the Knowledgebase article in the References section.

    All jakarta-commons-httpclient users are advised to upgrade to these updated packages, which contain a backported patch to correct this issue.
    • Family:unixClass:patch
    Status:Reference(s):CVE-2014-3577
    CVE-2014-3577
    RHSA-2014:1166
    RHSA-2014:1166-00
    RHSA-2014:1166-01
    Platform(s):Red Hat Enterprise Linux 5
    Red Hat Enterprise Linux 6
    Red Hat Enterprise Linux 7
    		Product(s):
    Definition Synopsis
  • Red Hat Enterprise Linux must be installed
  • OR Package Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • jakarta-commons-httpclient is earlier than 1:3.0-7jpp.4.el5_10
  • AND jakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.4.el5_10
  • AND jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.4.el5_10
  • AND jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.4.el5_10
  • AND jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 6 is installed
  • AND
  • jakarta-commons-httpclient is earlier than 1:3.1-0.9.el6_5
  • AND jakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-demo is earlier than 1:3.1-0.9.el6_5
  • AND jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.9.el6_5
  • AND jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-manual is earlier than 1:3.1-0.9.el6_5
  • AND jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 is installed
  • AND
  • jakarta-commons-httpclient is earlier than 1:3.1-16.el7_0
  • AND jakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-demo is earlier than 1:3.1-16.el7_0
  • AND jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.1-16.el7_0
  • AND jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-manual is earlier than 1:3.1-16.el7_0
  • AND jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease2 key
    • Definition Synopsis
  • Release Information
  • Red Hat Enterprise Linux 5 is installed
  • AND
  • jakarta-commons-httpclient is earlier than 1:3.0-7jpp.4.el5_10
  • AND jakarta-commons-httpclient is signed with Red Hat redhatrelease key
  • jakarta-commons-httpclient-demo is earlier than 1:3.0-7jpp.4.el5_10
  • AND jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease key
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.0-7jpp.4.el5_10
  • AND jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease key
  • jakarta-commons-httpclient-manual is earlier than 1:3.0-7jpp.4.el5_10
  • AND jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease key
  • OR Package Information
  • Red Hat Enterprise Linux 6 Client is installed
  • OR Red Hat Enterprise Linux 6 Server is installed
  • OR Red Hat Enterprise Linux 6 Workstation is installed
  • OR Red Hat Enterprise Linux 6 ComputeNode is installed
  • AND
  • jakarta-commons-httpclient is earlier than 1:3.1-0.9.el6_5
  • AND jakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-demo is earlier than 1:3.1-0.9.el6_5
  • AND jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.1-0.9.el6_5
  • AND jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-manual is earlier than 1:3.1-0.9.el6_5
  • AND jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease2 key
  • OR Package Information
  • Red Hat Enterprise Linux 7 Client is installed
  • OR Red Hat Enterprise Linux 7 Server is installed
  • OR Red Hat Enterprise Linux 7 Workstation is installed
  • OR Red Hat Enterprise Linux 7 ComputeNode is installed
  • AND
  • jakarta-commons-httpclient is earlier than 1:3.1-16.el7_0
  • AND jakarta-commons-httpclient is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-demo is earlier than 1:3.1-16.el7_0
  • AND jakarta-commons-httpclient-demo is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-javadoc is earlier than 1:3.1-16.el7_0
  • AND jakarta-commons-httpclient-javadoc is signed with Red Hat redhatrelease2 key
  • jakarta-commons-httpclient-manual is earlier than 1:3.1-16.el7_0
  • AND jakarta-commons-httpclient-manual is signed with Red Hat redhatrelease2 key
    • BACK